[c-nsp] 6500 - Is it possible to sniff DSCP values over RSPAN?

Dennis drockz at gmail.com
Thu Jan 4 07:45:01 EST 2007


"That is, if you enable 'mls qos' it silently stomps all
over the DSCP values unless you disable this. Not obvious that enabling
QoS would cause this issue. When I saw this, I asked Cisco to raise a
bug on it; I don't have an ID handy though."

I'm not sure why this would qualify as a bug... this is good security
behavior IMO... just because you enable QoS does not mean you want to trust
all markings on all switch ports. Any host could configure QoS and mark
its traffic to get priority on the network. The default behavior seems to
follow the good security practice of implicit deny unless it's explicitly
allowed...

Cheers,

Dennis
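As an added illustration of the behavior discussed above (this is example configuration, not something posted to the list or taken from Cisco documentation), the fragment below shows the untrusted-by-default state that 'mls qos' puts a port into, and the explicit trust statement that has to be configured on a port whose markings you actually want to keep. Interface names, VLAN number and descriptions are assumed for the example.

```cisco
! Global: once 'mls qos' is enabled, every port is untrusted by default, so
! ingress DSCP/CoS markings from the attached device are not honored and the
! frame is re-marked from the port's default CoS (normally ending up as DSCP 0).
mls qos
!
! User-facing access port, left in the default untrusted state (assumed name).
! A host on this port cannot promote its own traffic by setting DSCP itself.
interface GigabitEthernet1/1
 description user access port (untrusted - default)
 switchport access vlan 10
 no mls qos trust
!
! Uplink to a device whose markings you control (assumed name). Only a port
! with an explicit trust statement preserves the inbound DSCP value.
interface GigabitEthernet1/2
 description uplink to core router (trusted)
 mls qos trust dscp
!
! Check the trust state of the SPAN/RSPAN source port before relying on the
! captured DSCP values; on an untrusted port the copy reflects the re-marking,
! not what the host originally sent:
!   show mls qos interface GigabitEthernet1/1
```

The practical check is the last line: confirm the trust state of the port you are mirroring, and widen trust only to ports facing devices you administer, rather than enabling 'mls qos trust dscp' globally just to make captures look right.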

